Ycarus_ has quit [Remote host closed the connection]
pmelange has joined #openwrt-devel
<pmelange>
Hey, I have a question about using the imagebuilder and a locally built repo. I already have "src myrepo file:///a/b/c" and the Packages file is downloaded without a problem. But then it tries to do a signature check. Is there any way to disable the signature check?
<grift>
not sure what you mean but maybe add "PKG_MIRROR_HASH:=skip" to the package Makefile?
<grift>
probably not what you are asking
<pmelange>
No, the packages themselves are building just fine. I'm using the sdk for that. I also have generated the Packages and Packages.gz files with the sdk. When I use the ImageBuilder to source in my local repo, it pulls the Packages.gz from all the standard repos and from my local repo. Additionally it checks the Packages.sig file, which fails only
<pmelange>
on my local repo. But thanks for the suggestion.
nast has joined #openwrt-devel
<grift>
ok sry I dont know that, i just enclose the package directly with IB like so: make image PACKAGES="/home/grift/openwrt/bin/packages/target/custom/package.ipk"
<grift>
maybe someone else knows
Ycarus_ has joined #openwrt-devel
Ycarus_ has quit [Remote host closed the connection]
Ycarus has joined #openwrt-devel
<Borromini>
pmelange: check /etc/opkg/keys/
<Borromini>
that's where the signatures are
<pmelange>
Yes, on a running system. But that is also not what I'm looking for. I want to create an image with my custom repo and some of the packages within.
<pmelange>
Since I'm tired of figting against the imagebuilder, I'm just building all the packages needed for my target with the SDK and creating an image with that. It seems kinda pointless though. I'd rather use the prebuilt packages provided by openwrt whenever possible.
<Borromini>
you're using the sdk to include packages into the image, right?
<pmelange>
I'm using the SDK to build the packages as a local repo, then I want to use the imagebuilder to make the images including the previously built repo.
nitroshift has quit [Quit: Gone that way --->]
<plntyk>
pmelange, scripts/sign_image.sh ?
<pmelange>
That is how the generated images get signed :) But thanks for the suggestion.
<ynezz>
you can disable the signature check in .config
<ynezz>
CONFIG_SIGNATURE_CHECK=y
hsp has quit [Quit: WeeChat 3.0]
<pmelange>
I set it to CONFIG_SIGATURE_CHECK=n and I still have signature checks :/
<ynezz>
look around in that file
<ynezz>
if you want symbol disabled it shouldn't be set
<pmelange>
I also tried setting CONFIG_SIGNED_PACKAGES=n.
<pmelange>
Also tried commenting it out. Still doing the sig check
<ynezz>
I'm not using IB, so just guessing
<ynezz>
have you tried to disable the `option check_signature` in repositories.conf?
<pmelange>
Thanks for the suggestions
<dangole>
pmelange: option check_signature is repositories.conf should do the trick
<pmelange>
Yes, that was it. Thanks for the great tip. Now how about adding that to the wiki?
dorf has joined #openwrt-devel
<Borromini>
wiki's editable by everyone, if you register an account
<pmelange>
Thanks everyone for your support. I'm going to work on testing the new image.
pmelange has left #openwrt-devel [#openwrt-devel]
zkrx has quit [Ping timeout: 240 seconds]
<olmari>
dangole sorry about loong time... If still relevant test the ppc stuff, now I have device literally at hands now :)
<dangole>
olmari: yes, very relevant :)
<dangole>
olmari: please update to latest snapshot and install packages 'procd-ujail' and 'procd-seccomp' (the latter only if available on that platform)
<olmari>
dangole: aight, I shall wait AP 1 build to finish then take detour with wdr4900
hsp has joined #openwrt-devel
hsp has quit [Client Quit]
hsp has joined #openwrt-devel
zkrx has joined #openwrt-devel
zkrx has quit [Excess Flood]
zkrx has joined #openwrt-devel
hsp has quit [Quit: WeeChat 3.0]
hsp has joined #openwrt-devel
shibboleth has joined #openwrt-devel
<xback>
anyone any idea if something changed to the imagebuilder?
<xback>
I'm playing around with master again these days and noticed this when issueing make package_index
<xback>
Generating index for package ./kmod-wireguard_5.4.86+1.0.20201112-1_mips_24kc.ipk
<xback>
Cannot open file '/home/koen/firmware/cus_31013/openwrt-imagebuilder-ath79-mikrotik.Linux-x86_64/key-build' for reading
<xback>
Makefile:135: recipe for target 'package_index' failed
<xback>
make: *** [package_index] Error 1
<shibboleth>
PaulFertser, adrianschmutzler, dangole, look at that. sweet :). and here i had spent some time today making the suggested changes
<olmari>
dangole: Anything else there to test when device is up and installed? I remember do check something, but generally like "does it internet" and whatnot specifics?
<xback>
aparcar[m]: Any idea regarding avove?
<shibboleth>
adrianschmutzler, i was a bit perturbed by your suggestion to remove the "SOC"-part of the makefile since that'd become an issue during build
<xback>
as I notice you comitted some patches for the imagebuilder
valku has joined #openwrt-devel
zkrx has quit [Quit: zkrx]
<shibboleth>
dangole, also, since the dts has been changed to remove the underscore for the usb leds, i have a feeling that 01_leds should be updated?
<adrianschmutzler>
"16:59 shibboleth: adrianschmutzler, i was a bit perturbed by your suggestion to remove the "SOC"-part of the makefile since that'd become an issue during build"
<adrianschmutzler>
don't understand what you are referring to
<mirko>
Qt's decision to restrict access to (security-)fixes for respective LTS versions to commercial users only is a real downer. I wonder how Debian is dealing with it, given they the amount of Qt based software
<adrianschmutzler>
err, I never suggested to remove the SOC variable
<xback>
aparcar[m]: I notice the file key-build is present in the actual openwrt root folder after building, but it's not present in the generated imagebuilder.tar
<xback>
I think this is a bug and it should be included also inside the imagebuilder.tar ?
<adrianschmutzler>
I suggested to either use tplink,ad7200-v1 or drop DEVICE_VARIANT
<adrianschmutzler>
while BOARD_NAME and SUPPORTED_DEVICES need to be dropped
<olmari>
dangole: dude... I do not know what to say... I do NOT have wdr4900, thus no correct target here... I know I _had_ some, but apparently device is swapped with archer c7 at some point because that was needed here and ppc with it's double 11n was beter suited other location
<olmari>
-_-
<shibboleth>
wasn't there a owrt mug with wdr4399/4900 that limited txpower?
<shibboleth>
bug
<hurricos>
shibboleth: I remember the 3700 one which was due to not properly flipping the PAs on all the anntennas
<hurricos>
or was it 3600?
<dangole>
olmari: thanks for getting back and remembering anyway, i'll have to find some other potential PPC-target-owner to test ujail...
<shibboleth>
iirc the 3600/4300
<shibboleth>
same device, except for the extra antenna
<olmari>
dangole: well I know where the device is, but makes no go for immediate testing
<hurricos>
dangole: I own MX60 (apm82181), HiveAP 330 (mpc85xx)
<shibboleth>
and my recollection is that the 4900 is very similar
<hurricos>
by test you mean what -- boot staging initramfs and install the packages?
<hurricos>
(and test them, presumably?)
<olmari>
3600/4300 and then archer c2 is arm something something
<olmari>
4900 is ath wifi but PPC cpu
<shibboleth>
right. same radio iirc
<olmari>
and dangoles test was specifically test some process jailing or whatnot on PPC :)
<shibboleth>
sorry, i read "double 11n was beter suited other location" as better wifi perf
<olmari>
tho if there is WRD4300 or archer c2 related testing, both I could do exactly now :D
adrianschmutzler has quit [Quit: ~ Trillian - www.trillian.im ~]
<olmari>
shibboleth: well... basically "worse" wifi by paper specs, but the cabin it is hauled now does not need ac wifi, while this house benefits from that, hence swap
<shibboleth>
well, you'd be lucky to hit 5mbps openvpn on the 4300, presumably the 4900 fares better
<olmari>
but if there exist openwrt buld for hurricos device(s), I'd be so happy if he would test it
<shibboleth>
anyway, i have a feeling this is offtopic :)
<olmari>
shibboleth: I know neither of these are powerhouses in those regards... but at these locations they perform very suitably for their respective needs
<olmari>
shibboleth: kinda :P
<shibboleth>
yeah, at least now that the aforementioned bug was corrected
dana44 has joined #openwrt-devel
<olmari>
dangole: for whatever it's worth, I know there is propably no business on the cabin before some months, especially that I cna't do this remotely
<dangole>
hurricos: if you are willing to install latest snapshot on either of them and also install procd-ujail and procd-seccomp as well as umdns, that'd be a great help
<olmari>
or I mean... can, could... but should is very different
<dangole>
hurricos: once procd-ujail and procd-seccomp are installe, dnsmasq should be mountns jailed, busybox-ntpd should run non-root with capabilities and umdns should be seccomp jailed after the next reboot. just see if all three services come up and work as expected.
matteo| has quit [Quit: per aspera ad upstream]
mrkiko has joined #openwrt-devel
<mrkiko>
Hello all!!
<mrkiko>
noltari: ping
shibboleth has quit [Quit: shibboleth]
<Borromini>
yellow
<mrkiko>
Borromini: hi!!
victhor has quit [Remote host closed the connection]
<olmari>
BTW, for whomever listened me looong time ago.. thank yo... "firewall" is no longer practically mandatory in menuconfig :)
<olmari>
Had eve nforgot I made noise about it once, but now in the menuconfig I see I can untick it
<olmari>
mm well... Fortunately nowadays not THAT big of an issue, but wouldn't be first time need to compile in just that much stuff that I needed desperately to find things to drop... firewall was one of them, exept it was not easy "an yar ago"
<Borromini>
ynezz: i'll continue in here because biot doesn't like the openwrt so much in #rtl83xx
<olmari>
Plus at places I don't wanna put anything in that over-eager but know-nothing scriptkidides wanna conf stuff and block stuff out
<olmari>
..I also know mine wish is propably the one sad man that swims towards tides, but I still appreciate menuconfig working in sane manner with this one too, so, thank you still :P
nlowe has quit [Quit: Leaving]
<olmari>
now... the age old WirelessAPD menuconfig mess question... :P
<mrkiko>
anyone wanting to have some fun with me on bcm63xx?
<olmari>
dows wpad-openssl include wpad-mest-openssl
<olmari>
mesh*
Darkmatter66 has joined #openwrt-devel
<olmari>
despite tree structure it is presented in
<olmari>
I'd say "full" (in the description" means "everything is included", but also as I select one, I can't make other one as <*>
<olmari>
thank you or listening and mental support ;P
shibboleth has quit [Quit: shibboleth]
Misanthropos has quit [Ping timeout: 246 seconds]
Misanthropos has joined #openwrt-devel
Tapper has quit [Ping timeout: 240 seconds]
<Borromini>
you can have them all if you just use <m>
<Borromini>
or whatever the sign for modular is
eduardas has quit [Quit: Konversation terminated!]
<olmari>
Borromini: I know that, rootissue was that I wanted em all in system, not as modules in server... answer wasn't obviously clear from looking at the menu, but selection behaviour confirmed at latest that how it is... sure the one selection did mention "full" somewhere in description too, which I did not see at glancing :)
Misanthropos has quit [Ping timeout: 246 seconds]
Tapper has joined #openwrt-devel
Misanthropos has joined #openwrt-devel
dorf_ has joined #openwrt-devel
gch98121332898 has quit [Read error: Connection reset by peer]
gch9812133289 has joined #openwrt-devel
dorf has quit [Remote host closed the connection]
Tost has quit [Ping timeout: 246 seconds]
<mrkiko>
noltari: I am having no luck with nmrp to e.g. load regular firmware, even tough it communicates. i have the CFE web interface available, but don't know exactly what image it expects, I'll try later to build something
<olmari>
Did choose luci-ssl-openssl, nothing else on luci menuconfig
<aparcar[m]>
xback: key-build is a private you ideally distribute as little as possible
<aparcar[m]>
however the imagebuilder creates it's own key pair, if desired
dhewg has quit [Ping timeout: 256 seconds]
dangole has joined #openwrt-devel
<olmari>
I did not have chosen "backend tls provider" (or what was it exactly), I'll make clean and try again if that makes difference
Darkmatter66 has quit [Quit: ZNC 1.7.5 - https://znc.in]
Darkmatter66 has joined #openwrt-devel
ivanich has quit [Quit: Konversation terminated!]
Tost has joined #openwrt-devel
<olmari>
..nope, that alone did not help, I wonder what else is choosing what in those conflicting stuff
ivanich has joined #openwrt-devel
dhewg has joined #openwrt-devel
ivanich has quit [Quit: Konversation terminated!]
swex_ has joined #openwrt-devel
swex has quit [Ping timeout: 256 seconds]
<olmari>
okay, libraries has those libustream-openssl and -wolfssl... openssl was force-selected (because luci-ssl-openssl I think), but wolfssl was not deselected... is manually deselectable though.. so current master has tha deficiency, how ever that should or could be circumvented (I'd say also regression as this is new to me in this context)
<olmari>
^ on menuconfig
ivanich has joined #openwrt-devel
dedeckeh has quit [Remote host closed the connection]
dedeckeh has joined #openwrt-devel
blb4393 has joined #openwrt-devel
danitool has joined #openwrt-devel
Huntereb has joined #openwrt-devel
Landei has joined #openwrt-devel
<Landei>
Hi there
<Landei>
I guess I would need some help 😅
Landei has left #openwrt-devel [#openwrt-devel]
blb4393 has quit [Quit: ChatZilla 0.9.93 [Waterfox 56.3/MOZ_BUILDID]]
nlowe has joined #openwrt-devel
mmlb22 is now known as mmlb
<mrkiko>
someone might help me in understanding some properties like CFE_WFI_VERSION or CFE_WFI_FLASH type?
swex_ has quit [Quit: swex_]
<hurricos>
olmari / dangole: I was afraid to ask for help actually running something using those packages. So by default you just have normal system services running non-root?
<hurricos>
I'll boot up an initramfs each on amp821xx and mpc85xx tonight
<hurricos>
(and see if they work)
<hurricos>
in like an hour if I get my way.
<olmari>
@freenode_hurricos:matrix.org: While I know exactly as much as you do what to do at face value, but yes, for testing what is asked to confirm em working, would be indeed plain normal _snapshop_ version of mpc85xx openwrt build, and then install those packages mentioned (will need device to have internet or othermeans of providing packages to it)
<olmari>
but starting point is default openwrt indeed
<hurricos>
I have a 24 core Westmere server which takes 15 or so seconds to render `make menuconfig` which is fun when you accidentally close it all the time
<hurricos>
olmari: sounds good
<olmari>
AFAIK nothing in configwise is needed to be tested... but function test that "jailing" stuff works in MPC85xx as intended (like describer by dangole )
<olmari>
in theory it should be fast test... would.. if I ever have access to the damned elusive MPC85xx device :D
<hurricos>
was just mentioning it as you were talking about futzing w/ menuconfig
swex has joined #openwrt-devel
<hurricos>
olmari: Aerohive HiveAP 330 is cheap, my work still uses them and I snagged a few "" dead "" ones
<olmari>
hurricos: well those are well separate things... irrelevant to that specific test that is wanted to be done with that specific CPU / target platform :D
<hurricos>
oh right right.
dorf has joined #openwrt-devel
dedeckeh has quit [Remote host closed the connection]
swex has quit [Client Quit]
<olmari>
P.S. I usually use ./scripts/env to maintain different device setups on same buildroot
swex has joined #openwrt-devel
swex has quit [Client Quit]
dorf_ has quit [Ping timeout: 240 seconds]
dorf_ has joined #openwrt-devel
dorf has quit [Remote host closed the connection]
nlowe has quit [Ping timeout: 260 seconds]
nlowe has joined #openwrt-devel
nlowe has quit [Ping timeout: 240 seconds]
<lynxis>
dangole: what could possible go wrong. "PCIE over 60g". that's what dell / lenovo is using.
<lynxis>
"i guess.."
Misanthropos has quit [Ping timeout: 256 seconds]
<pkgadd>
lynxis: just out of curiosity, what actual performance can you achieve over 802.11ad? (I know, range and oxygen penetration of the signal are a problem - just curious what you can get at an arm's length)
<lynxis>
pkgadd: between 860mbit (uni directional) -> ~1gbit (two ways at the same time).
<lynxis>
ping is really weird because of aggregation without any load :)
Misanthropos has joined #openwrt-devel
<lynxis>
this is with wil6210 firmware 5.x and generic boardfile. mikrotik has firmware 6.x
<pkgadd>
nice, so in the rough realm of 802.11ax (I've seen ~930 MBit/s between BCM43684 and QCN5054, limited by my 1000BASE-T ethernet)
ivanich has quit [Quit: Konversation terminated!]
shibboleth has joined #openwrt-devel
<shibboleth>
dangole, owrt.org sysupgrade, factory image confirmed working
hbug has quit [Remote host closed the connection]
<lynxis>
shibboleth: on the talon?
<shibboleth>
mhm
<shibboleth>
802.11ad ap up and running
hbug has joined #openwrt-devel
<shibboleth>
iwinfo output is ofc lackluster, did not figure out how to apply dangoles patch to master in a hurry
<shibboleth>
lynxis, also, i've been using one in production for months at this point, the patch was first submitted in october, i believe
<dangole>
shibboleth: i've just tested everything extensively on lynxis hardware and another non-AD dakota device, pushed everything to master
Huntereb has quit [Ping timeout: 264 seconds]
<dangole>
shibboleth: ie. tomorrows snapshot for the ad7200 device will have all 802.11ad-related issues I've found in rpcd and iwinfo fixed
<shibboleth>
sweet. i've got a sep commitment for this evening but i'll report back tomorrow
Tapper has quit [Ping timeout: 264 seconds]
Tapper has joined #openwrt-devel
<mrkiko>
any idea on how I might create a smaller jffs2 images? the build system creates 64MB images by default, I would need something smaller I guess
shibboleth has quit [Quit: shibboleth]
Borromini has quit [Ping timeout: 246 seconds]
ivanich has joined #openwrt-devel
<lynxis>
dangole: ping
valku has quit [Remote host closed the connection]